Profile

Peter Manev

Issues

                 open  closed  Total
Assigned issues    22      53     75
Reported issues    88     361    449

Projects

Project          Roles                               Registered on
Suricata         Developer, OISF Team, OISF Manager  04/06/2011
Suricata-Update  Developer, OISF Team, OISF Manager  10/31/2017

Activity

11/25/2024

01:27 PM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
However, if multiple thresholds are listed, latest stable complains about it :... Peter Manev
08:32 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
I think I needed more coffee :) before my previous post. Peter Manev
07:43 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
Latest stable complains and it will not load the rule in a regular run, however the message is not quite clear:
...
Peter Manev

09/09/2024

04:33 PM Suricata Bug #7250 (New): tls version match can have incorrect behaviour

We have detailed TLS (event_type:tls) and flow (event_type:flow) logs where information about an encrypted session ...
Peter Manev

06/17/2024

07:09 PM Suricata Feature #5646: rules: allow matching on flow pkts and bytes in either direction
"either" is good in my opinion. Peter Manev
09:53 AM Suricata Feature #7097: Additions to flow detection - size
This should cover it https://redmine.openinfosecfoundation.org/issues/5646 Peter Manev
06:55 AM Suricata Feature #7103 (Feedback): ssh: extra fields and keywords

Consider adding more ssh protocol fields (to the existing ssh protocol logging) and ssh keywords (to the rules for ...
Peter Manev

06/16/2024

04:23 PM Suricata Feature #7101 (Feedback): eve: add number of flowbits in protocol records and alerts
Very useful for hunting can be the number of flowbits present in a protocol log or alert.
Details: https://www.st...
Peter Manev
04:17 PM Suricata Feature #7100 (New): smb: additional keywords
We have the regular event_type SMB logs.
Some alert detection additions of SMB keywords could be very useful. ...
Peter Manev
04:03 PM Suricata Feature #7099 (New): Addition of total bytes to the flow logs
We currently have to server, to client bytes in the flow logs.
It is very useful to have a total bytes field that ...
Peter Manev
